The top 50 woeful passwords exposed by the Adobe security breach

In early October, Adobe revealed that hackers had breached its network and (as well as stealing source code) had accessed customer databases including the details of approximately 3 million users.

Within a couple of weeks, however, Adobe was forced to acknowledge that a more accurate figure for the number of people who were impacted by the hack was some 38 million active users after a 3.8GB file containing more than 150 million usernames/passwords was dumped on the net.

"So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users," said Adobe spokesperson Heather Edell.

The truth is that, in a screw-up of colossal proportions, Adobe didn't protect the password data with a one-way cryptographic hashing algorithm.

Instead, Adobe encrypted its password data with Triple DES (3DES) in ECB mode - an incredibly poor choice because, with no salt or initialisation vector involved, the same input always produces exactly the same output.

In short, if you happened to choose the same password as someone else, Adobe will have been storing the byte-for-byte same encrypted ciphertext version of the password for each user.

Furthermore, the leaked database included users' plaintext password hints, helping to reveal what the most commonly used passwords were.

For instance, if you saw the following hints from thousands of different users, all associated with the same ciphertext, you would probably be able to guess the actual password that they shared - right?

As you can see, the most popular password, chosen by almost two million Adobe users, is 123456. Other password choices are equally poor: password, 123456789, qwerty, and so on.

As Gosney told ZDNet, it only took a few hours to determine the top 100 passwords:

The password hints were the most telling. An overwhelming number of people took the concept of a password hint too literally, and flat-out provided the password itself as the hint. By analysing thousands of password hints per ciphertext, and matching that information with what we know about the ciphertext thanks to ECB mode, we are able to determine a number of passwords with a reasonable degree of certainty. It took about three hours to determine what the top 100 passwords were with this method.

Gosney went on to tell me that the release of the Adobe password database could make a significant impact on future password cracking:

If we can recover the encryption key and decrypt the passwords, it will be huge for password crackers. RockYou was the first real glimpse we got at how users select passwords on a massive scale. This leak is nearly 5x the size of RockYou, and will give us amazing statistics for probabilistic password cracking.

The only good news in this sorry mess is that Adobe says it now protects passwords following best practices, and it has reset the exposed passwords. But that's not going to be much help if you've used the same password elsewhere on the internet.

In short, you should never use the same password on multiple websites. And you need to stop choosing obvious, easy-to-crack passwords.

If you do make the mistake of reusing passwords, you are running the risk of having your password compromised in one place (perhaps via a phishing attack, spyware keyloggers or a data breach) and then hackers using it to unlock your other online accounts.

If you find passwords a burden, simply use password management software like LastPass, 1Password, and KeePass. They can generate complex, hard-to-crack passwords for you and do all the heavy work of remembering them on your behalf.

Meanwhile, if you run a company or website which needs to store users' passwords, you should be taking much better care than Adobe did in ensuring that they are tricky to crack, using a one-way cryptographic hashing algorithm.

After all, if a hacker does manage to break into your computer systems you want to feel confident that they're going to find it as hard as possible to crack the passwords your customers have entrusted you with.

And maybe it's time to implement tougher requirements on your customers in the first place, ensuring that they use passwords that are more complex and harder to guess in future.

4 Responses

It's even worse than that. Because the passwords are encrypted with a 64-bit block cipher such that each block stands alone, you get the same ciphertext if you share *part* of your password with someone else.

For example, passwords that _start_ "password" all come out like this:

2fca9b003de39778 xxxxxxxxxxxxxxxx

And since e2a311ba09ab4707 in any encrypted block means "eight zeros", when you see that string, you know that the password is exactly as long as fits in the previous blocks, i.e. you have the password length.

Close to 1/3 of the passwords come out as:

xxxxxxxxxxxxxxxx e2a311ba09ab4707

That tells you they are *exactly* 8 characters long, which helps you a lot when combined even with an ambiguous or incomplete hint.

All explained in glorious technicolour (including a calmingly soft shade of blue) here:
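To make the two points above concrete (the article's note that 3DES in ECB mode gives identical ciphertext for identical input, and this comment's observation that the leak works block by block and so reveals shared prefixes and password length), here is an added example in Go. It is not code from the article, the commenter or Adobe: the 3DES key is a constructed placeholder, the zero-padding rule is an assumption modelled on the "eight zeros" block described above, and the hardened form uses a per-user random salt with a PBKDF2-HMAC-SHA256 routine written inline so it needs only the standard library. The names ecbBlocks, HashPassword and VerifyPassword are the example's own.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// demoKey is a constructed 24-byte 3DES key for illustration only (not Adobe's).
var demoKey = []byte("constructed-demo-key-24B")

// zeroPad pads with NUL bytes to the next 8-byte boundary, adding a whole zero
// block when the input already fills its last block. This is an assumption
// modelled on the trailing "eight zeros" block described in the comment above.
func zeroPad(p []byte) []byte {
	return append(append([]byte{}, p...), bytes.Repeat([]byte{0}, 8-len(p)%8)...)
}

// ecbBlocks encrypts a password with 3DES-ECB and returns each 8-byte ciphertext
// block as hex. With no IV and no salt, equal plaintext blocks give equal
// ciphertext blocks, so shared prefixes and padding blocks are visible across users.
func ecbBlocks(password string) ([]string, error) {
	block, err := des.NewTripleDESCipher(demoKey)
	if err != nil {
		return nil, err
	}
	pt := zeroPad([]byte(password))
	out := make([]string, 0, len(pt)/8)
	for i := 0; i < len(pt); i += 8 {
		ct := make([]byte, 8)
		block.Encrypt(ct, pt[i:i+8])
		out = append(out, hex.EncodeToString(ct))
	}
	return out, nil
}

// pbkdf2SHA256 is a minimal PBKDF2-HMAC-SHA256 (RFC 8018), written inline so the
// example needs nothing outside the standard library.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	var out []byte
	for blk := 1; len(out) < keyLen; blk++ {
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(blk))
		mac.Write(idx[:])
		u := mac.Sum(nil)
		t := append([]byte{}, u...)
		for i := 1; i < iter; i++ {
			mac = hmac.New(sha256.New, password)
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// iterations is kept modest so the demo runs quickly; tune it to your hardware.
const iterations = 100000

// StoredPassword is what a site should keep instead of reversible ciphertext:
// a per-user random salt plus a slow, one-way hash.
type StoredPassword struct{ Salt, Hash []byte }

// HashPassword draws a fresh random salt, so two users who chose the same
// password end up with different stored values.
func HashPassword(password string) (StoredPassword, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return StoredPassword{}, err
	}
	return StoredPassword{salt, pbkdf2SHA256([]byte(password), salt, iterations, 32)}, nil
}

// VerifyPassword recomputes the hash under the stored salt and compares in constant time.
func VerifyPassword(stored StoredPassword, attempt string) bool {
	h := pbkdf2SHA256([]byte(attempt), stored.Salt, iterations, 32)
	return subtle.ConstantTimeCompare(h, stored.Hash) == 1
}

func main() {
	for _, pw := range []string{"password", "password123", "qwerty12"} {
		blocks, _ := ecbBlocks(pw)
		fmt.Printf("%-12s -> %v\n", pw, blocks) // note the repeated blocks
	}
	a, _ := HashPassword("123456")
	b, _ := HashPassword("123456")
	fmt.Println("same password, different hashes:", !bytes.Equal(a.Hash, b.Hash), VerifyPassword(a, "123456"))
}
```

Run it with `go run` and compare the printed blocks: "password" and "password123" share their first block, and every 8-character password ends in the same padding block, which is all an observer needs to group users and learn lengths without ever recovering the key. The salted, iterated hashes for "123456" differ from each other and can only be checked by recomputing them. The inline PBKDF2 is there to keep the example dependency-free; a real deployment should use a vetted library implementation of a modern password hash (bcrypt, scrypt or Argon2) rather than hand-rolled code.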

In the last part, where you ask companies to take better care when storing passwords, I think it would have been wise to mention that the best option is not to store passwords at all, but use other sites for that. You do just that for this comment by using Google for authentication, and it seems to work fine!

Using Google for authentication to all your accounts introduces a single point of failure. If an attacker gets your password (key-logging, MITM, MITB, etc.) all of your accounts become vulnerable. There are several user-transparent & economical multi-factor authentication solutions available in the market; online service providers should consider alternatives to password-based authentication.